Vulnerabilities > Kitesky > Kitecms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-04 | CVE-2020-20521 | Cross-site Scripting vulnerability in Kitesky Kitecms 1.1.1 Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter. | 6.1 |
| 2023-04-04 | CVE-2020-20522 | Cross-site Scripting vulnerability in Kitesky Kitecms 1.1 Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter. | 6.1 |
| 2022-04-21 | CVE-2022-28445 | Files or Directories Accessible to External Parties vulnerability in Kitesky Kitecms 1.1.1 KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module. | 6.5 |
| 2021-08-12 | CVE-2021-31731 | Path Traversal vulnerability in Kitesky Kitecms 1.1.1 A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter. | 6.5 |